Vulnerability Description
The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Content Security Management Appliance | - |
| Cisco | Web Security Appliance | - |
| Cisco | Email Security Appliance Firmware | - |
References
- http://packetstormsecurity.com/files/130525/Cisco-Ironport-AsyncOS-HTTP-Header-I (Exploit)
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624 (Vendor Advisory)
- http://www.securityfocus.com/bid/72702
- http://www.securitytracker.com/id/1031781
- http://www.securitytracker.com/id/1031782
FAQ
What is CVE-2015-0624?
CVE-2015-0624 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects...
How severe is CVE-2015-0624?
CVE-2015-0624 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0624?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Content Security Management Appliance, Cisco Web Security Appliance, Cisco Email Security Appliance Firmware.